Cryptographic techniques (whether based on symmetric key cryptography, or asymmetric key cryptography or both) have been used in various systems and networks to secure both data and messages. The appropriate choice of cryptographic primitives in a specific context may depend on various factors, such as for example, computational resource constraints or threat models.
Warning messages are a particular type of message that have been used to provide timely and accurate alerts, warnings and critical information regarding disasters and other emergencies. Examples of warning messages include the Public Warning System (PWS) messages described in the context of the Third Generation Partnership Project (3GPP). PWS provides a framework for Korean Public Alert System (KPAS), European Warning System (EU-ALERT), and Commercial Mobile Alert System (CMAS) messages which may fall into three classes: Presidential; Imminent Threat and Child Abduction Emergency; and Earthquake and Tsunami Warning System (ETWS) messages.
The structure, syntax and protocol for warning messages are typically determined by regulatory requirements. Often warning messages are constructed to be robust and compact, to facilitate communication of important information during a bandwidth constrained situation, either due to physical constraints imposed on a communications network, or due to event-based traffic that results in higher than normal traffic over the network.
Warning messages may include multiple components; for example, the warning message may include a description of the event, the geographical area affected by the event, a recommended action, an expiration time for the warning message; and the identity of an agency responsible for the warning message.
There is a general interest to enhance the reliability, resiliency, and security of messages, and in particular, warning messages to enable the public to take appropriate action to protect their families and themselves from serious injury, or loss of life or property. Therefore, the transmission of messages over communication networks may require that certain security requirements be met. For example, security requirements for notifications may include any one or more of the following: (a) the integrity of the messages is protected; (b) the communication network will protect against false messages; and (c) only messages from authorized and authenticated sources will be transmitted via the communication network. Such security requirements may serve to minimize the reception of false messages that may reduce the effectiveness of the messaging system, and in the case of warning messages, false messages may reduce the effectiveness of the network as users become less responsive. False messages may also cause confusion, hazardous conditions and/or widespread panic.
The security requirements for messages may be subject to regulatory policies and may also vary from region to region. An example of security requirements for notifications such as warning messages may be found in the requirements for Public Warning System (PWS) messages broadcast in 3GPP, as specified in the document, 3GPP TS 22.268 v11.2.0, “Public Warning System (PWS) requirement (Release 11)”.
In addition to the security requirements, messages may also be associated with certain latency requirements which require the messages to be of limited size. For example, the Earthquake and Tsunami Warning System (ETWS) being standardized may contain a requirement that warning messages transmitted in these systems have a latency of less than 4 seconds from broadcast to receipt by an end computing device. Such requirements may ensure that messages are received by users in a timely fashion. Such latency and/or other requirements may place a size constraint limiting a number of bits used for the messages and/or any associated fields (e.g., security bits).
Furthermore, due to the heterogeneous nature of large communication systems, it is often difficult to ensure time synchronization between each and every broadcast server sending messages, and recipient communication devices. Accordingly, the security and size requirements of the messages must further accommodate the need to differentiate between currently broadcast and previously broadcast messages.
A malicious intermediary attempting to disrupt communications may intercept an original broadcast and retransmit the broadcast at a later point in time to execute a “replay attack”. Similarly, out of date servers on the network may ‘innocently’ forward out of date messages. In order to forestall replay attacks or simple errors, it is desirable to distinguish between current and previously broadcast messages in order to reduce false positive message receipts by users.
Communication networks should be designed to ensure that the security and latency requirements for these messages are satisfied while ensuring minimal bandwidth overhead and minimal resource consumption both in the core network and in the radio interface. In addition, the network design may have to ensure that legacy communication devices on the network are also able to process notifications, so as to avoid liability caused due to users of such legacy devices not being aware of notifications. The network design may also have to account for mobile devices that may roam from one network to another.
Like reference numerals and designations in the various drawings indicate like elements.